[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELBA-2018-4050)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Mar 21 10:59:15 PDT 2018
Synopsis: ELBA-2018-4050 can now be patched using Ksplice
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2018-4050.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2017-16649: Divide by zero when binding a network USB device.
A logic error when binding a network USB device could lead to a divide
by zero error. A local attacker could use this flaw to cause a
* Missing Spectre v1 reporting.
Incorrect setting of the Spectre v1 bug flag could fail to report a
system as being mitigated with an lfence based defence.
* System crash in Broadwell microcode updates.
A microcode bug in specific Broadwell microcode revisions could result
in a system crash and reboot when applying microcode updates. For these
revisions, only a BIOS based microcode update is supported.
* Missing Spectre V2 protections on AMD systems.
A difference in capability reporting between AMD and Intel based X86
systems could result in failure to apply IBRS protections on AMD
* Missing IBRS protection for KVM guests.
IBRS needs to be exposed for KVM guests that will only mitigate Spectre
V2 with IBRS. This allows a host without IBRS protection active to
still allow guests to use IBRS themselves.
* Spectre v2 hardening on context switch.
Additional speculation barriers on context switch add protection for
sensitive processes to prevent leaking of sensitive data across
* Spectre v2 bypass in 32-bit compatibility system calls.
Missing clearing of unused registers during a system call could allow an
attacker to cause speculation on user-supplied values under specific
* Kernel crash in interrupt exit with KPTI.
Incorrect dereferencing of a kernel pointer under user page table
mappings could result in a kernel crash when leaving an interrupt
handler under specific conditions.
* Kernel hang in QLogic mailbox handling.
Incorrect locking could result in deadlock and a kernel hang when
processing mailboxes on a QLogic network adapter.
* Kernel crash in KVM guest user mode return.
Incorrect locking could result in a use-after-free and kernel crash when
a KVM guest returned to user mode under specific conditions.
* Kernel hang in the SCSI stack when changing device state.
Lack of locking when checking and changing an SCSI device state could
result in state corruption and a device stall.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata